18 matches found
CVE-2022-37401
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded, resulting in weakening its entropy from...
CVE-2025-62963 WordPress Estatik plugin <= 4.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS. This issue affects Estatik: from n/a through <= 4.3.1...
EUVD-2024-40632
Malicious code in bioql PyPI...
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
...
WordPress plugin CMP – Coming Soon & Maintenance Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks during the account deletion process. Remediation: Upgrade moodle/moodle to version 4.1.13, 4.2.10, 4.3.7, 4.4.3 or higher. References -...
WordPress plugin Podlove Podcast Publisher Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability
CSRF to Remote Code Execution (RCE) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Podlove Podcast Publisher (versions <= 4.1.13)...
WordPress Podlove Podcast Publisher Plugin <= 4.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 4.1.13; Fixed in: 4.1.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43983; Patch priority: Low; CVSS severity: Low (6.5); PSID: 71f42a372118; Credits: Muhammad Daffa; Required...
SPIP < 4.1.13, 4.2.x < 4.2.7 XSS Vulnerability
SPIP is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:spip:spip";...
Adiscon LogAnalyzer Cross-Site Scripting Vulnerability
Adiscon LogAnalyzer is a set of web front-end tools for system logs and other network event data. The tool provides log browsing, search and basic analysis, and graphical display. A security vulnerability exists in Adiscon LogAnalyzer version v.4.1.13. An attacker could exploit this vulnerability...
Adiscon LogAnalyzer SQL Injection Vulnerability
Adiscon LogAnalyzer is a set of web front-end tools for system logs and other network event data. The tool provides log browsing, search and basic analysis, and graphical display. A security vulnerability exists in Adiscon LogAnalyzer v4.1.13 and earlier versions that stems from vulnerability to...
Apache OpenOffice Security Feature Issue Vulnerability
Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases, and more. A security signature issue vulnerability exists in Apache OpenOffice versions prior to 4.1.13, which ste...
CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...
Bolt Directory Traversal Vulnerability
Bolt is a simple CMS written in PHP. A directory traversal vulnerability exists in Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in versions of Bolt prior to 4.1.13. No detailed vulnerability details are provided at this time...
Bolt CMS Path Traversal Vulnerability
Bolt is a simple CMS written in PHP. A directory traversal vulnerability exists in Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in versions of Bolt prior to 4.1.13. No detailed vulnerability details are provided at this time...
GlobalProtect App: Local privilege escalation due to an unquoted search path vulnerability
An unquoted search path vulnerability in the Windows release of GlobalProtect App allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect App 5.0...
TYPO3 Multiple Vulnerabilities (Oct 2009)
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:typo3:typo3"; if(description)...